* Add beforeLogin trigger with support for auth providers
* adjust comment that boxed off beforeLogin to a negative use-case only
* add internal error to help future maintainers regarding use of beforeLogin
* let beforeLogin accept className or constructor like other hook types
* add assertions for beforeLogin trigger className validation
* Auth module refactoring in order to be reusable
* Ensure cache controller is properly forwarded from helpers
* Nits
* Adds support for static validation
* Adds support for CLP in Live query (no support for roles yet)
* Adds e2e test to validate liveQuery hooks is properly called
* Adds tests over LiveQueryController to ensure data is correctly transmitted
* nits
* Fixes for flow types
* Removes usage of Parse.Promise
* Use the Auth module for authentication and caches
* Cleaner implementation of getting auth
* Adds authCache that stores auth promises
* Proper testing of the caching
* nits
* Fixes an issue that would let the beforeDelete be called when user has no access to the object
* Ensure we properly lock user
- Improves find method so we can attempt to read for a write poking the right ACL instead of using masterKey
- This ensure we do not run beforeDelete/beforeFind/beforeSave in the wrong scenarios
* nits
* Caps insufficient
* Allows masterKey to lock _User object and prevent login with email / password
* Ensure the authData based auth can be locked out as well when accounts is masterKey only
* Fixes an issue where a beforeSave hook could cause a numeric val to be dropped in response.
* Use hasOwnProperty to check instead
* Remove redundant set
* Tweaks test in order to show the error
- Session is effectively created when it should not
* Do not create a session when users need verified accounts on signup
* Adds test to repro the issue
* Improved test
* Destroy duplicate sessions for User/Installation-id pair
- Sessions will also be created with action login instead of signup when using 3rd party auth
* Makes sure we don't override roles
* Reduces the query size whith pointer permissions
- Does not return as $and if not needed
- Returns just the query with the additional constraint
* Do not use $in if include is just of length 1
* Makes InstallationRouter like others
* Adds testing for Range file requests
- Fixes issue with small requests (0-2)
* Revert "Makes InstallationRouter like others"
This reverts commit e2d2a16ebf2757db6138c7b5b33c97c56c69ead6.
* Better handling of errors in FilesRouter
* Fix incorrectness in range requests
* Better/simpler logic
* Only on mongo at it requires Gridstore
* Open file streaming to all adapters supporting it
* Improves coverage of parsers
* Ensures depreciation warning is effective
* Removes unused function
* de-duplicate logic
* Removes necessity of overriding req.params.className on subclasses routers
* Use babel-preset-env to ensure min-version compatible code
* removes dead code
* Leverage indexes in order to infer which field is duplicated upon signup
- A note mentioned that it would be possible to leverage using the indexes on username/email to infer which is duplicated
* Small nit
* Better template to match column name
* Restores original implementation for safety
* nits
* Adds failing test,
the _User object is not updated as soon as you pass some authData part of the PUT
* Do not run the DB call when updating the user with new auth data, just part of the rest
* The 'beforeSave' trigger breaks requests using the dot notation for subdocuments (cf #567)
* Convert 'var' to 'let' / 'const'
* Convert 'var' to 'const'
* Use RestWrite when verifying emails so hooks are called (as master)
* Fixes tests for postgres
* nit
* Makes rest.update support a full where instead of objectId
* Use rest.update to guaranteed proper beforeSave and liveQuery calls
* Adds test for the new feature
* Re-validate authData only if mutated
- In case of short-lived tokens (like facebook) this will allow clients to be lax with asking users to re-login
* adds resetTokenValidityDuration setting
* adds a validator to validate password that can be used to enforce strong
passwords
* adds unit tests for passwordPolicy.validator
* adds unit tests to to fail reset password function if password is not in a valid format
* updates README.md for passwordPolicy
* prevents duplicate check for password validator in updateUserPassword
* adds optional setting to disallow username in password
* updates test cases to use fdescribe instead of describe
* updates test cases to use request-promise instead of request
* adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator
* expect username parameter in redirect to password_reset_success
* adds support for _perishable_token_expires_at in postgres
